The purpose of a DMZ is to add an additional layer of security to an organization’s local area network. An external attacker only has direct access to equipment in the DMZ, rather than any other part of the network. 2. How many zones does your design Incorporate? Do you think an additional zone may be needed if the e-commerce server was Implemented? Explain why or why not. Ones, I would Implement a zone due to the costly nature of the e-commerce server I would want the added security. 3. While supporting PIPES Vans provides a secure, remote-access solution for mobile employees, it does not scale and requires stringent security operations and management procedures. What alternatives would you recommend for a scalable remote-access VPN solution for your design? SSL because almost all web browsers support SSL it provides extra security without any additional software needed. 4. As per the functional and technical requirements, where must you terminate the VPN tunnels for remote-access users?
Terminate the VPN in a DMS and locate the Web front end In the DMZ. 5. Where would you put an e-mail filter and quarantine system In place to scan and monitor e-mails and e-mail attachments? Explain why. Antivirus software In place to scan In relatable , also enable scanning on the email provider options 6. Where would you put a content filter system In place to prevent employee from non-business use of the Internet connection? Explain why. At the firewall because it can intercept specific content in a packet before it reaches its destination. 7. Explain how your IDS/PIPS positioning and solution achieves the C-I-A oils of the internal network.
An IDS is a software or hardware tool which allows to detect and warn about an attack or intrusion from authorized or non-authorized users to the system which is being protected. 8. Explain how the risk of data leakage can be mitigated with a data leakage prevention system and security monitoring controls. Enable in-depth firewalls for extra security and disable ports that allows sharing of Information and remote access 9. Your organization is under governance and compliance law requirements for protecting customer privacy data and implementing proper security controls to protect that data contained wealth the
Internal network. How many security controls does your DMZ and LANA-to-WAN Domain design incorporate? List them and describe how they help achieve C-I-A for 10. What is the cost-benefit trade-off for having this many security controls within the LANA-to-WAN Domain? Do you think this is overkill or Just right given the functional and technical requirements definition? I think it maybe overkill, but it depends on the impact of it affects the business operation. If the security measures are so costly it affects bottom line, then you have to weigh the impact of risk as well of the likelihood it will occur.